Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I’m using LE certificates when accessing internal web services from the internet through an Apache reverse proxy. Both port 80 and port 443 on my WAN router/firewall are redirected to the Reverse Proxy.
When the time comes for LE renewal, I need to close down the Reverse Proxy and manually redirect port 80 to the web server. This means that during that process, my entire LAN is exposed to the internet with no protection.
I understand that LE needs to verify ownership of my domains, but isn’t there a way to do this without:
a) The need to interrupt whatever current services are already bound to port 80?
b) Exposing (opening) port 80 to the world?
Many thanks for any guidelines.